Systems and methods for authenticating a caller at a call center

ABSTRACT

A system for authenticating the identity of a caller (i) receiving one or more online credentials of a caller initiating a phone call, where the one or more online credentials include one or more pieces of biometric information associated with the caller, and the one or more online credentials are received from a mobile device associated with the caller; (ii) requesting one or more additional online credentials associated with the mobile device; (iii) receiving the one or more additional online credentials; (iv) receiving telephone authentication information associated with the phone call; (v) authenticating the caller based, at least in part upon, the one or more online credentials, the one or more additional credentials, and the telephone authentication information; (vi) generating authentication status information based on the authentication of the caller; and (vii) transferring the authentication status information and the phone call to a call recipient.

RELATED APPLICATIONS

This application is a continuation application of, and claims thebenefit of, U.S. patent application Ser. No. 16/674,450, filed Nov. 5,2019, entitled “SYSTEMS AND METHODS FOR AUTHENTICATING A CALLER AT ACALL CENTER,” which is a continuation application of, and claims thebenefit of, U.S. patent application Ser. No. 16/180,503 (now U.S. Pat.No. 10,594,860), filed Nov. 5, 2018, entitled “SYSTEMS AND METHODS FORAUTHENTICATING A CALLER AT A CALL CENTER,” which is a continuationapplication of U.S. patent application Ser. No. 15/806,585 (now U.S.Pat. No. 10,158,754), filed Nov. 8, 2017, entitled “SYSTEMS AND METHODSFOR AUTHENTICATING A CALLER AT A CALL CENTER,” which is a continuationapplication of U.S. patent application Ser. No. 15/474,645 (now U.S.Pat. No. 9,894,199), filed Mar. 30, 2017, entitled “SYSTEMS AND METHODSFOR AUTHENTICATING A CALLER AT A CALL CENTER,” which claims priority toU.S. Provisional Patent Application No. 62/318,560, filed Apr. 5, 2016,entitled “SYSTEMS AND METHODS FOR AUTHENTICATING A CALLER AT A CALLCENTER” and U.S. Provisional Patent Application No. 62/345,473, filedJun. 3, 2016, entitled “SYSTEMS AND METHODS FOR AUTHENTICATING A CALLERAT A CALL CENTER,” the entire contents and disclosure of which arehereby incorporated by reference herein in their entirety.

FIELD OF THE DISCLOSURE

The present disclosure relates to authenticating a caller and, moreparticularly, to a network-based system and method for authenticating anidentity of a caller based upon attributes of the phone call and onlinecredentials of an active user session.

BACKGROUND

There are a small number of credentials available for authenticatingin-bound customers in a call center. Call centers may currently rely ontraditional verbal interactions with customers through the use ofcustomer verification, PIN codes, Knowledge Based Authenticationquestions, as well as Automatic Number Identification (ANI) and DialedNumber Identification Service (DNIS). Using verbal interactions may taketime and potentially annoy the customer. Two additional non-traditionalmethods available may include user enrolled voice biometrics and phoneprint (phone as an ownership token). These technologies exist in helpingto identify a customer but are not as secure as online credentials.

BRIEF SUMMARY

The present embodiments may relate to systems and methods forauthenticating a caller. A caller authenticating system, as describedherein, may include a call authenticating (“CA”) computer device that isin communication with a remote computer device associated with a caller.The CA computer device may be configured to (1) receive a phone callfrom a caller, where the phone call is initiated through an applicationprocessing or executing on a remote computer device associated with thecaller and where the phone call includes one or more phoneauthentication credentials that include at least one of (i) a phoneauthentication system; (ii) data verification system; (iii) automaticnumber identification; (iv) dialed number identification service; and(v) a root check system result; (2) place the received phone call in aqueue; (3) compare the one or more phone authentication credentials witha stored database of identities; (4) determine the preliminary identityof the caller based upon the comparison; (5) receive onlineauthentication credentials from the application on the remote computerdevice, wherein the online authentication credentials include at leastone of a mobile device print, geolocation data, a user fingerprint,facial recognition information, public key infrastructure token, QRcode, pincode, and username+password; (6) compare the one or more onlinecredentials with the preliminary identity and the database ofidentities; (7) determine a confirmed identity of the caller based uponthe comparison; (8) release the phone call from the queue based upondetermining a confirmed identity of the caller; and/or (9) display theconfirmed identity of the caller to a user answering the phone callincluding a caller name and a phone number associated with the phonecall.

At least one advantage of this system is that verification of a calleris performed behind the scenes, and the caller does not have to takeextra actions beyond logging into the application and hitting the callbutton to perform authentication and verification. This may reduce thetime that the caller has to jump through hoops before being able todiscuss the reason for his or her call to the call center associate.Another advantage of the system is that the system described herein mayprovide the call center associate with a higher level of assurance thatthe caller is who he or she claims to be, and therefore allows the callcenter associate more confidence in providing information and assistanceto the caller.

In one aspect, a computer system for authenticating the identity of acaller may be provided. The computer system may include at least oneprocessor in communication with at least one memory device. The at leastone processor may be configured or programmed to: (1) receive a phonecall from a caller, where the phone call is initiated through anapplication operating on a remote computer device associated with thecaller, and where the phone call includes one or more phoneauthentication credentials; (2) determine a preliminary identity of thecaller based upon the one or more phone authentication credentials; (3)receive online authentication credentials from the application on theremote computer device; (4) determine a confirmed identity of the callerbased, at least in part, on the one or more online credentials and thepreliminary identity of the caller; and/or (5) display the confirmedidentity of the caller to a user answering the phone call to facilitatequickly and automatically authenticating the identity of the caller toprevent the caller from being negatively impacted by lengthy andpotentially annoying authentication procedures (e.g., answering aplurality of security questions and/or manually providing authenticationinformation). The computer system may have additional, less, oralternate functionality, including that discussed elsewhere herein.

In another aspect, a computer-based method for authenticating theidentity of a caller may be provided. The method may be implemented on acall authenticating (“CA”) server that includes at least one processorin communication with at least one memory device. The method mayinclude: (1) receiving, at the CA server, a phone call from a caller,where the phone call is initiated through an application operating on aremote computer device associated with the caller, and where the phonecall includes one or more phone authentication credentials; (2)determining, by the CA server, a preliminary identity of the callerbased upon the one or more phone authentication credentials; (3)receiving, at the CA server, online authentication credentials from theapplication on the remote computer device; (4) determining, by the CAserver, a confirmed identity of the caller based, at least in part, onthe one or more online credentials and the preliminary identity of thecaller; and/or (5) displaying the confirmed identity of the caller to auser answering the phone call facilitate quickly and automaticallyauthenticating the identity of the caller to prevent the caller frombeing negatively impacted by lengthy and potentially annoyingauthentication procedures. The method may include additional, less, oralternate actions, including those discussed elsewhere herein.

In yet another aspect, at least one non-transitory computer-readablestorage media having computer-executable instructions embodied thereonmay be provided. When executed by at least one processor, thecomputer-executable instructions may cause the processor to: (1) receivea phone call from a caller, where the phone call is initiated through anapplication operating on a remote computer device associated with thecaller, and where the phone call includes one or more phoneauthentication credentials; (2) determine a preliminary identity of thecaller based upon the one or more phone authentication credentials; (3)receive online authentication credentials from the application on theremote computer device; (4) determine a confirmed identity of the callerbased, at least in part, on the one or more online credentials and thepreliminary identity of the caller; and/or (5) display the confirmedidentity of the caller to a user answering the phone call. Thecomputer-executable instructions may direct additional, less, oralternate functionality, including that discussed elsewhere herein.

In still another aspect, a computer system for authenticating theidentity of a caller may be provided. The computer system may include atleast one processor, sensor, and/or transceiver in communication with atleast one memory device, the at least one processor, sensor, and/ortransceiver. The at least one processor may be programmed to (1) receivea phone call from a caller, where the phone call is initiated through anapplication operating on a remote computer device associated with thecaller, and where the phone call includes one or more phoneauthentication credentials; (2) determine a preliminary identity of thecaller based upon the one or more phone authentication credentials; (3)receive online authentication credentials from the application on theremote computer device; (4) determine a confirmed identity of the callerbased, at least in part, on the one or more online credentials and thepreliminary identity of the caller; and/or (5) display the confirmedidentity of the caller to a user answering the phone call. The computersystem may include additional, less, or alternate functionality,including that discussed elsewhere herein.

In a different aspect, a computer-based method for authenticating theidentity of a caller may be provided. The method may include (1)receiving, via one or more processors and/or transceivers, a phone callfrom a caller, where the phone call is initiated through an applicationoperating on a remote computer device associated with the caller, andwhere the phone call includes one or more phone authenticationcredentials; (2) determining, via the one or more processors, apreliminary identity of the caller based upon the one or more phoneauthentication credentials; (3) receiving, via the one or moreprocessors and/or transceivers, online authentication credentials fromthe application on the remote computer device; (4) determining, via theone or more processors, a confirmed identity of the caller based, atleast in part, on the one or more online credentials and the preliminaryidentity of the caller; and/or (5) displaying the confirmed identity ofthe caller to a user answering the phone call. The method may includeadditional, less, or alternate actions, including those discussedelsewhere herein.

In still a different aspect, a computer-based method for authenticatingthe identity of a caller may be provided. The method may include (1)receiving, via one or more processors and/or transceivers, one or moreonline credentials of a caller initiating a phone call, wherein the oneor more online credentials include one or more pieces of biometricinformation associated with the caller, and wherein the one or moreonline credentials are received from a mobile device associated with thecaller; (2) requesting, from the mobile device, one or more additionalonline credentials associated with the caller, wherein the additionalonline credentials are associated with the mobile device; (3) receiving,from the mobile device, the one or more additional online credentials;(4) receiving, from a telephone authentication server, telephoneauthentication information associated with the phone call; (5)authenticating the caller based, at least in part upon, the one or moreonline credentials, the one or more additional credentials, and thetelephone authentication information; (6) generating authenticationstatus information based on the authentication of the caller; and (7)transferring the authentication status information and the phone call toa call recipient. The method may include additional, less, or alternateactions, including those discussed elsewhere herein.

In yet still a different aspect, a computer-based method forauthenticating the identity of a caller may be provided. The method mayinclude (1): receiving, via one or more processors and/or transceivers,one or more online credentials of a caller initiating a phone call,wherein the one or more online credentials include one or more pieces ofbiometric information associated with the caller, and wherein the one ormore online credentials are received from a mobile device associatedwith the caller; (2) requesting, from the mobile device, one or moreadditional online credentials associated with the caller, wherein theadditional online credentials are associated with the mobile device; (3)receiving, from the mobile device, the one or more additional onlinecredentials; (4) authenticating the caller based, at least in part upon,the one or more online credentials and the one or more additionalcredentials; (5) generating authentication information based on theauthentication of the caller; (6) associating a temporary phone numberwith the caller; (7) transmitting calling instructions to the mobiledevice, wherein the calling instructions include the temporary phonenumber and instructions to dial the temporary phone number; (8)receiving, from the mobile device, a phone call to the temporary phonenumber; and (9) transferring the authentication information and thephone call to a call recipient. The method may include additional, less,or alternate actions, including those discussed elsewhere herein.

In still a different aspect, a computer-based method for authenticatingthe identity of a caller may be provided. The method may include (1)receiving, via one or more processors and/or transceivers, one or moreonline credentials of a caller initiating a phone call, wherein the oneor more online credentials include one or more pieces of biometricinformation associated with the caller, and wherein the one or moreonline credentials are received from a mobile device associated with thecaller; (2) requesting, from the mobile device, one or more additionalonline credentials associated with the caller, wherein the additionalonline credentials are associated with the mobile device; (3) receiving,from the mobile device, the one or more additional online credentials;(4) authenticating the caller based, at least in part upon, the one ormore online credentials and the one or more additional credentials; (5)generating authentication information based on the authentication of thecaller; (6) transmitting calling instructions to the mobile deviceinstructing the mobile device to dial the phone call; (7) receiving,from the mobile device, the phone call; and (8) transferring theauthentication information and the phone call to a call recipient. Themethod may include additional, less, or alternate actions, includingthose discussed elsewhere herein.

Advantages will become more apparent to those skilled in the art fromthe following description of the preferred embodiments which have beenshown and described by way of illustration. As will be realized, thepresent embodiments may be capable of other and different embodiments,and their details are capable of modification in various respects.Accordingly, the drawings and description are to be regarded asillustrative in nature and not as restrictive.

BRIEF DESCRIPTION OF THE DRAWINGS

The Figures described below depict various aspects of the systems andmethods disclosed therein. It should be understood that each Figuredepicts an embodiment of a particular aspect of the disclosed systemsand methods, and that each of the Figures is intended to accord with apossible embodiment thereof. Further, wherever possible, the followingdescription refers to the reference numerals included in the followingFigures, in which features depicted in multiple Figures are designatedwith consistent reference numerals.

There are shown in the drawings arrangements which are presentlydiscussed, it being understood, however, that the present embodimentsare not limited to the precise arrangements and are instrumentalitiesshown, wherein:

FIG. 1 illustrates a schematic diagram of a first exemplary embodimentof a process of authenticating a caller using authentication credentialsfrom both phone and online sources.

FIG. 2 illustrates a schematic diagram of a second exemplary embodimentof the process of authenticating a caller using authenticationcredentials from both phone and online sources.

FIG. 3 illustrates a flow chart of an exemplary process forauthenticating a caller using authentication credentials from both phoneand online sources shown in FIG. 1 .

FIG. 4 illustrates a flow chart of an exemplary computer-implementedprocess for authenticating a caller using authentication credentialsfrom both phone and online sources.

FIG. 5 illustrates a simplified block diagram of an exemplary system forimplementing the process shown in FIG. 1 .

FIG. 6 illustrates an exemplary configuration of a client computerdevice shown in FIG. 5 , in accordance with one embodiment of thepresent disclosure.

FIG. 7 illustrates an exemplary configuration of a server shown in FIG.5 , in accordance with one embodiment of the present disclosure.

FIG. 8 illustrates a diagram of components of one or more exemplarycomputing devices that may be used in the system shown in FIG. 5 .

FIG. 9 depicts a mobile device application (“App”) for use withauthenticating a caller.

FIGS. 10A-10C depict an exemplary detailed schematic diagram of theprocess of authenticating a caller using authentication credentials fromboth phone and online sources where the caller initiated the call usingan application.

FIG. 11 depicts an exemplary detailed sequence flow of a process ofauthenticating a caller using authentication credentials from both phoneand online sources where the caller initiated the call using anapplication.

FIG. 12 depicts an additional exemplary detailed sequence flow of aprocess of authenticating a caller using authentication credentials fromboth phone and online sources where the caller initiated the call usingan application.

The Figures depict preferred embodiments for purposes of illustrationonly. One skilled in the art will readily recognize from the followingdiscussion that alternative embodiments of the systems and methodsillustrated herein may be employed without departing from the principlesof the invention described herein.

DETAILED DESCRIPTION OF THE DRAWINGS

The present embodiments may relate to, inter alia, systems and methodsfor authenticating a caller by combining telephony based authenticationwith online authentication. In one exemplary embodiment, the process maybe performed by a call authenticating (“CA”) computer device, also knownas a call authenticating (“CA”) server.

In the exemplary embodiment, the caller may have registered with theprovider of the application and the call center. The caller may haveprovided identification and authentication information that the providerstored in a database that is accessible by the CA server. For instance,caller may be a policyholder with an insurance provider. The applicationmay be provided by the insurance provider, and the call center may be acall center for the insurance provider, such as a customer service callcenter.

In the exemplary embodiment, a caller may be associated with a remotecomputer device, such as a cellphone. The remote computer device mayinclude at least one computer application (e.g., computer cookie orinstance code executed by the user device). The application may requirethe caller to log in to unlock and/or activate the application. Theapplication may be configured to initiate a phone call to a phonenumber. In the exemplary embodiment, the phone call may be placed to acall center, where the call center may be a customer service callcenter. In other embodiments, the phone call may be to an individual orto a business. In the exemplary embodiment, the application may beinstalled on the remote computer device, which is capable of placingcellular calls.

The application may initiate a phone call through a separate componentor application on the remote computer device, such as a dialerapplication. In some embodiments, the dialer application may beintegrated into the application. In other embodiments, the phone callmay be initiated through a voice over IP (VoIP) application orcomponent. For example, the remote computer device may be a tabletdevice without cellular capabilities.

When the application initiates the phone call, the application may opena connection to a call authenticating (CA) server through two paths. Thefirst path is through the phone. In this path, the application may callthe CA server through a phone call. This call may use a telephony-basedconnection. As a part of the phone call, the application or remotecomputer device may transmit phone credentials along with the phone callto the CA server. While the phone call is being initiated, theapplication also may make or may have already made a connection to theCA server through an online path. The application may transmit onlinecredentials to the CA server.

Phone credentials may include, but are not limited to, automatic numberidentification (ANI), dialed number identification service results orinputs, phone authentication system inputs or results, and/or root checksystem results. Online credentials may include, but are not limited to,a mobile device print, geolocation data, a user fingerprint, facialrecognition information, public key infrastructure token, QR code,pincode, username+password, and/or acknowledgment of a successfulaccessing of application (i.e., verification code). For example, onlinecredentials may be the credentials that the caller entered into theapplication to activate the application. In other embodiments, onlinecredentials may be the credentials that the caller used to activate theremote computer device.

A mobile device print may include one or more metadata attributes of themobile device on which the application is currently running (i.e.,software version, device number, etc.). This data may be compared toinformation about the device that the application was downloaded onto.Geolocation data may include data about where the remote device islocated and may be compared to where the phone call is being routedfrom. A user fingerprint or facial recognition information may be takenwhen the user logins to the application or when the user logins to theremote device. In some embodiments, the application transfers the rawdata for the online credentials to an authentication server or the CAserver. In other embodiments, the application performs the verificationcheck and transmits an indication of a successful verification to the CAserver.

The CA server may use both phone credentials and online credentials toauthenticate the caller. In the exemplary embodiment, the CA server mayuse phone credentials to determine a potential identity of the caller,such as matching the caller's phone number with the caller's name in adatabase. The CA server may then use online credentials to confirm thecaller's identity by comparing one or more of the received onlinecredentials with information stored in the database. The CA server maythen display the confirmed identity of the caller to a user, such as acustomer care associate. For example, the CA server may cause thecaller's name and phone number to appear on a computer device associatedwith user/customer care associate.

In some embodiments, the CA server may manage a queue of callers, wherephone calls from callers are placed into the queue while waiting until acustomer care associate is available to handle the next call in a queue.When the CA server receives a call, the CA server may place the call inthe queue while authenticating the identity of the caller. Once theidentity of the caller has been confirmed, the CA server may thenrelease the call from the queue and connect the call to the nextavailable user/customer care associate.

In some embodiments, the caller may have registered with the provider ofthe application and the call center. The caller has providedidentification and authentication information that the provider hasstored in the database that is accessible by the CA server. Forinstance, the caller may be a policyholder with an insurance provider.The application may be provided by the insurance provider and the callcenter may be a call center for the insurance provider, such as acustomer service call center. The database may be configured to store aplurality of pieces of information that may be used to confirm theidentity of a caller.

In some embodiments, the identity of caller is associated with differentlevels of assurance. When the caller has been identified with the phonecredentials, then the identity of the caller may be associated with atfirst level of assurance. When the identity of the caller has beenconfirmed with the online credentials, then the identity of the callermay be associated with a second level of assurance. The second levelassurance being higher than the first level of assurance.

At least one of the technical problems addressed by this system mayinclude: (i) improving speed and efficiency of authenticating a caller;(ii) obfuscating the authentication process from the caller to reducethe burden on the caller; (iii) saving time for the caller by removingthe need to ask the caller authentication questions; and/or (iv)providing multi-factor authentication for the identity of callers.

The technical effect achieved by this system may be at least one of: (i)automated detection the identity of the caller; (ii) automatedauthentication of the identity of the caller; (iii) automated and/orsimplified authentication procedures while caller is waiting in a callqueue; (iv) tying the online identity of the caller with the phone callinformation; (v) improved speed in answering the needs of callers; (vi)higher level of assurance in the identity of the caller; (vii) reducingthe potential for negatively impacting the caller; and/or (viii)obfuscating the authentication process from the view of the caller

The methods and systems described herein may be implemented usingcomputer programming or engineering techniques including computersoftware, firmware, hardware, or any combination or subset thereof,wherein the technical effects may be achieved by performing at least oneof the following steps: (a) receiving, at a CA server, a phone call froma caller, where the phone call is initiated through an application on aremote computer device associated with the caller, and where the phonecall includes one or more phone authentication credentials; (2)determining, by the CA server, a preliminary identity of the callerbased upon the one or more phone authentication credentials; (3)receiving, at the CA server, online authentication credentials from theapplication on the remote computer device; (4) determining, by the CAserver, a confirmed identity of the caller based, at least in part, onthe one or more online credentials and the preliminary identity of thecaller; and/or (5) displaying the confirmed identity of the caller to auser answering the phone call facilitate quickly and automaticallyauthenticating the identity of the caller to prevent the caller frombeing negatively impacted by lengthy and potentially annoyingauthentication procedures.

Exemplary Process for Authenticating a Caller

FIG. 1 depicts a schematic diagram of a first embodiment of a process100 of authenticating a caller using authentication credentials fromboth phone and online sources.

In the exemplary embodiment, a caller 105 may be associated with aremote computer device 110, such as a smartphone or cellphone. Remotecomputer device 110 may include at least one application 115.Application 115 may require caller 105 to log in to unlock and/oractivate application 115. Application 115 may be configured to initiatea phone call to a phone number. In the exemplary embodiment, the phonecall may be placed to a call center, where the call center may be acustomer service call center. In other embodiments, the phone call maybe to an individual or to a business. In the exemplary embodiment,application 115 may be installed on remote computer device 110, which iscapable of placing cellular calls.

In process 100, application 115 may initiate a phone call through aseparate component or application on remote computer device 110, such asa dialer application. In some embodiments, the dialer application may beintegrated into application 115. In other embodiments, the phone callmay be initiated through a voice over IP (VoIP) application orcomponent. For example, remote computer device 110 may be a tabletdevice without cellular capabilities.

When application 115 initiates the phone call, application 115 may opena connection to a call authenticating (CA) server 140 through two paths.The first path may be through the phone 120. In this path, application115 may call CA server 140 through a phone call. This call may usetelephony based connection. As a part of the phone call, application 115or remote computer device 110 may transmit phone credentials 125 alongwith the phone call to the CA server 140. While the phone call is beinginitiated, application 115 also may make a connection to CA server 140through an online path 130. Application 115 may transmit onlinecredentials 135 to CA server 140.

Phone credentials 125 may include, but are not limited to, automaticnumber identification (ANI), dialed number identification serviceresults or inputs, phone authentication system inputs or results, and/orroot check system results. Online credentials 135 may include, but arenot limited to, a mobile device print, geolocation data, a userfingerprint, facial recognition information, public key infrastructuretoken, QR code, pincode, username+password, and/or acknowledgment of asuccessful accessing of application 115.

For example, online credentials 135 may be the credentials that caller105 entered into application 115 to activate application 115. In otherembodiments, online credentials 135 may be the credentials that caller105 used to activate remote computer device 110.

CA server 140 may use both phone credentials 125 and online credentials135 to authenticate caller 105. In the example embodiment, CA server 140may use phone credentials 125 to determine a potential identity ofcaller 105, such as matching caller's phone number with the caller'sname in a database 520 (shown in FIG. 5 ). CA server 140 may then useonline credentials 135 to confirm the caller's identity by comparing oneor more of the received online credentials 135 with information storedin database 520. CA server 140 may then display the confirmed identityof caller 105 to a user 145, such as a customer care associate (alsoreferred to herein as a center representative 145). For example, CAserver 140 may cause the caller's name and phone number to appear on acomputer device associated with user 145.

In some embodiments, CA server 140 may manage a queue of callers, wherephone calls from callers are placed into the queue while waiting until acustomer care associate is available to handle the next call in a queue.When CA server 140 receives a call, CA server 140 may place the call inthe queue while authenticating the identity of caller 105. Once theidentity of caller 105 has been confirmed, CA server 140 may thenrelease the call from the queue and connect the call to the nextavailable customer care associate.

In some embodiments, caller 105 has registered with the provider of theapplication and the call center. Caller 105 has provided identificationand authentication information that the provider has stored in database520 (shown in FIG. 5 ) that is accessible by CA server 140. Forinstance, caller 105 may be a policyholder with an insurance provider.Application 115 may be provided by the insurance provider and the callcenter may be a call center for the insurance provider, such as acustomer service call center. Database 520 may be configured to store aplurality of pieces of information that may be used to confirm theidentity of a caller.

In some embodiments, the identity of caller 105 may be associated withdifferent levels of assurance. When caller 105 has been identified withthe phone credentials 125, then the identity of caller 105 may beassociated with at first level of assurance. When the identity of thecaller has been confirmed with the online credentials 135, then theidentity of caller 105 may be associated with a second level ofassurance. The second level assurance being higher than the first levelof assurance.

FIG. 2 illustrates a schematic diagram of a second embodiment of anexemplary process 200 of authenticating caller 105 using authenticationcredentials from both phone and online sources. In process 200,application 115 may transmit phone credentials 125 to a phoneauthentication server 205. Phone authentication server 205 may processphone credentials 125 and transmit the results to CA server 140.Application 115 also may transmit online credentials 135 to an onlineauthentication server 210. Online authentication server 210 may processonline credentials 135 and transmit the results to CA server 140. In theexemplary embodiment, online authentication server 210 and phoneauthentication server 205 may be associated with CA server 140. In otherembodiments, online authentication server 210 and phone authenticationserver 205 may be associated with third party authentication serviceswhich receive credentials and provide authentication results.

In other embodiments, there may be multiple online authenticationservers 210 and/or phone authentication servers 205 in communicationwith CA server 140. Each server may provide a different type ofauthentication or analyze a different credential. Furthermore, thesystem may only include phone authentication servers 205 or onlineauthentication servers 210. In still other embodiments, CA server 140may receive phone credentials 125 and online credentials 135, where CAserver 140 transmits the credentials to the corresponding authenticationserver.

FIG. 3 illustrates a flow chart of the exemplary process 300 forauthenticating a caller using authentication credentials from both phoneand online sources. The steps of process 300 may be implementedpartially by application 115 and partially by CA server 140 (both shownin FIG. 1 .)

In the exemplary embodiment, caller 105 (shown in FIG. 1 ) logs 305 intoapplication 115 using credentials. For example, these credentials mayinclude a username and password, a pin code, or a caller fingerprint.Caller 105 may use 310 application 115 to initiate a phone call, such asto a call center. Application 115 may dial 315 call center. Phonecredentials 125 (shown in FIG. 1 ) may be processed 320. In someembodiments, processing 320 of phone credentials 125 may be performed byCA server 140. In other embodiments, processing 320 may be performed byone or more phone authentication servers 205 (shown in FIG. 2 ).Simultaneous to steps 315 and 320, application may transmit 325 onlinecredentials 135 (shown in FIG. 1 ).

Then, the online credentials 135 may be processed 330. In someembodiments, processing 330 of online credentials 135 may be performedby CA server 140. In other embodiments, processing 330 may be performedby one or more online authentication servers 210 (shown in FIG. 2 ).

CA server 140 may link 335 phone credentials 125 and online credentials135 to confirm the identity of caller 105. CA server 140 may connect 340the call to user 145 (shown in FIG. 1 ) and cause the confirmed identityto be displayed to user 145.

In some embodiments, application 115 may include a session-basedconnection to CA server 140. The session-based connection may be set toexpire based upon a time-out. For example, the time-out may be 30seconds. After 30 seconds of inactivity on application 115, application115 may close the session to conserve resources. However, while a phonecall is connected through application 115, the session may remain open.Application 115 may override the timeout while the phone call isconnected. In addition, Application 115 may receive a ping from CAserver 140 to indicate that the phone call is active and to keep thesession active.

In some embodiments, CA server 140 may transmit one or more inquiries tocaller 105 through application 115. In these embodiments, application115 may show the inquiry to caller 105. Application 115 may then receivethe caller's input and transmits the caller inputs to CA server 140. Insome of these embodiments, CA server 140 may transmit this inquiry whilecaller 105 is connected on the phone call.

Exemplary Computer-Implemented Method for Authenticating a Caller

FIG. 4 illustrates a flow chart of an exemplary computer-implementedprocess 400 for authenticating a caller using authentication credentialsfrom both phone and online sources as shown in FIG. 2 . Process 400 maybe implemented by a computing device, for example CA server 140 (shownin FIG. 1 ). In the exemplary embodiment, CA server 140 may be incommunication with remote computer device 110, application 115, and usercomputer device 505 (shown in FIG. 5 ).

In the exemplary embodiment, CA server 140 may receive 405 a phone callfrom caller 105 including one or more phone authentication credentials125 (both shown in FIG. 1 .) CA server 140 may determine 410 apreliminary identity of caller 105 based upon the one or more phoneauthentication credentials 125. For example, CA server 140 may receive aphone number of caller 105 as one of the phone authenticationcredentials 125. CA server 140 compares the phone number with a databaseof stored identities to determine 410 a preliminary identity of caller105 based upon the phone number.

CA server 140 may receive 415 online authentication credentials 135(shown in FIG. 1 ) from application 115 on remote computer device 110.CA server 140 may use online authentication credentials 135 to determinea confirmed identity of caller 105 based, at least in part, on the oneor more online authentication credentials 135 and the preliminaryidentity of caller 105. For example, CA server 140 may receive 415 ausername and password that caller 105 used to log in to application 115.CA server 140 may compare the received username and password withinformation stored about caller 105 in database 520. If the username andpassword are confirmed, CA server 140 determines/confirms 420 theidentity of caller 105.

CA server 140 may transmit the confirmed identity of caller 105 to acomputer device associated with user 145, so that the computer devicewill display 425 the confirmed identity of caller 105 to user 145. Inthe exemplary embodiment, user 145 may request caller's name whenstarting the call as a final check on the identity of caller 105.

Exemplary Computer Network

FIG. 5 depicts a simplified block diagram of an exemplary system 500 forimplementing process 100 shown in FIG. 1 . In the exemplary embodiment,system 500 may be used for placing a caller in a queue, receiving bothphone and online credentials, and authenticating the identity of thecaller based upon the phone and online credentials. As described belowin more detail, call authenticating (“CA”) server 140 (shown in FIG. 1 )may be configured to receive a phone call from a caller including phoneauthentication credentials, determine a preliminary identity of thecaller based upon the one or more phone authentication credentials,receive online authentication credentials from the application on theremote computer device, determine a confirmed identity of the callerbased, at least in part, on the one or more online credentials and thepreliminary identity of the caller, and/or display the confirmedidentity of the caller to a user answering the phone call.

In the exemplary embodiment, user computer devices 505 may be computersthat include a web browser or a software application, which enables usercomputer devices 505 to access CA server 140 using the Internet or othernetwork. More specifically, user computer devices 505 may becommunicatively coupled to the Internet through many interfacesincluding, but not limited to, at least one of a network, such as theInternet, a local area network (LAN), a wide area network (WAN), or anintegrated services digital network (ISDN), a dial-up-connection, adigital subscriber line (DSL), a cellular phone connection, and a cablemodem. User computer devices 505 may be any device capable of accessingthe Internet including, but not limited to, a desktop computer, a laptopcomputer, a personal digital assistant (PDA), a cellular phone, asmartphone, a tablet, a phablet, wearable electronics, smart watch, orother web-based connectable equipment or mobile devices.

A database server 510 may be communicatively coupled to a database 520that stores data. In one embodiment, database 520 may include phoneauthentication credentials, online authentication credentials, and/orlistings of identities for callers. In the exemplary embodiment,database 520 may be stored remotely from CA server 140. In someembodiments, database 520 may be decentralized. In the exemplaryembodiment, a person may access database 520 via user computer devices505 by logging onto CA server 140, as described herein.

CA server 140 may be communicatively coupled with the user computerdevices 505. In some embodiments, CA server 140 may be associated with,or is part of a computer network associated with call center, or incommunication with the call center's computer network (not shown). Inother embodiments, CA server 140 may be associated with a third partyand is merely in communication with the call center's computer network.In some embodiments, the call center may be associated with an insuranceprovider.

One or more remote computer devices 110 may be communicatively coupledwith CA server 140 through the Internet. In the exemplary embodiment,remote computer devices 110 may be computers that include a web browseror a software application (such as application 115), which enablesremote computer devices 110 to access CA server 140 using the Internetor other network. More specifically, remote computer devices 110 may becommunicatively coupled to the Internet through many interfacesincluding, but not limited to, at least one of a network, such as theInternet, a local area network (LAN), a wide area network (WAN), or anintegrated services digital network (ISDN), a dial-up-connection, adigital subscriber line (DSL), a cellular phone connection, and a cablemodem. Remote computer devices 110 may be any device capable ofaccessing the Internet including, but not limited to, a desktopcomputer, a laptop computer, a personal digital assistant (PDA), acellular phone, a smartphone, a tablet, a phablet, wearable electronics,smart watch, or other web-based connectable equipment or mobile devices.

In the exemplary embodiment, application 115 may be a software programthat allows remote computer device 110 to connect a phone call to usercomputer device 505 through CA server 140. Application 115 may include aplurality of phone numbers that when selected by a caller to initiate aphone call. Application 115 may include a dialer component or may be incommunication with at a dialer component. In some embodiments,application 115 may initiate the phone call through a voice over IP(VoIP) component.

Exemplary Client Device

FIG. 6 depicts an exemplary configuration of a user computer device 505shown in FIG. 5 , in accordance with one embodiment of the presentdisclosure. User computer device 602 may be operated by a user 601. Usercomputer device 602 may include, but is not limited to, user computerdevices 505 (shown in FIG. 5 ) and remote computer device 110 (shown inFIG. 1 ). User computer device 602 may include a processor 605 forexecuting instructions. In some embodiments, executable instructions maybe stored in a memory area 610. Processor 605 may include one or moreprocessing units (e.g., in a multi-core configuration). Memory area 610may be any device allowing information such as executable instructionsand/or transaction data to be stored and retrieved. Memory area 610 mayinclude one or more computer readable media.

User computer device 602 may also include at least one media outputcomponent 615 for presenting information to user 601. Media outputcomponent 615 may be any component capable of conveying information touser 601. In some embodiments, media output component 615 may include anoutput adapter (not shown) such as a video adapter and/or an audioadapter. An output adapter may be operatively coupled to processor 605and operatively coupleable to an output device such as a display device(e.g., a cathode ray tube (CRT), liquid crystal display (LCD), lightemitting diode (LED) display, or “electronic ink” display) or an audiooutput device (e.g., a speaker or headphones).

In some embodiments, media output component 615 may be configured topresent a graphical user interface (e.g., a web browser and/or a clientapplication) to user 601. A graphical user interface may include, forexample, an online store interface for viewing and/or purchasing items,and/or a wallet application for managing payment information. In someembodiments, user computer device 602 may include an input device 620for receiving input from user 601. User 601 may use input device 620 to,without limitation, select and/or enter one or more items to purchaseand/or a purchase request, or to access credential information, and/orpayment information.

Input device 620 may include, for example, a keyboard, a pointingdevice, a mouse, a stylus, a touch sensitive panel (e.g., a touch pad ora touch screen), a gyroscope, an accelerometer, a position detector, abiometric input device, and/or an audio input device. A single componentsuch as a touch screen may function as both an output device of mediaoutput component 615 and input device 620.

User computer device 602 may also include a communication interface 625,communicatively coupled to a remote device such as CA server 140 (shownin FIG. 1 ). Communication interface 625 may include, for example, awired or wireless network adapter and/or a wireless data transceiver foruse with a mobile telecommunications network.

Stored in memory area 610 are, for example, computer readableinstructions for providing a user interface to user 601 via media outputcomponent 615 and, optionally, receiving and processing input from inputdevice 620. A user interface may include, among other possibilities, aweb browser and/or a client application. Web browsers enable users, suchas user 601, to display and interact with media and other informationtypically embedded on a web page or a website from CA server 140. Aclient application (such as application 115 shown in FIG. 1 ) allowsuser 601 to interact with, for example, CA server 140. For example,instructions may be stored by a cloud service, and the output of theexecution of the instructions sent to the media output component 615.

Processor 605 executes computer-executable instructions for implementingaspects of the disclosure. In some embodiments, the processor 605 istransformed into a special purpose microprocessor by executingcomputer-executable instructions or by otherwise being programmed.

Exemplary Server Device

FIG. 7 depicts an exemplary configuration of a CA server 140 shown inFIG. 5 , in accordance with one exemplary embodiment of the presentdisclosure. Server computer device 701 may include, but is not limitedto, database server 510 (shown in FIG. 5 ), CA server 140, phoneauthentication server 205, and online authentication server 210 (bothshown in FIG. 2 ). Server computer device 701 may also include aprocessor 705 for executing instructions. Instructions may be stored ina memory area 710. Processor 705 may include one or more processingunits (e.g., in a multi-core configuration).

Processor 705 may be operatively coupled to a communication interface715 such that server computer device 701 is capable of communicatingwith a remote device, such as another server computer device 701, remotecomputer device 110 (shown in FIG. 1 ), user computer device 505 (shownin FIG. 5 ), phone authentication server 205, and/or onlineauthentication server 210. For example, communication interface 715 mayreceive requests from remote computer devices 110 via the Internet, asillustrated in FIG. 5 .

Processor 705 may also be operatively coupled to a storage device 734.Storage device 734 may be any computer-operated hardware suitable forstoring and/or retrieving data, such as, but not limited to, dataassociated with database 520 (shown in FIG. 5 ). In some embodiments,storage device 734 may be integrated in server computer device 701. Forexample, server computer device 701 may include one or more hard diskdrives as storage device 734.

In other embodiments, storage device 734 may be external to servercomputer device 701 and may be accessed by a plurality of servercomputer devices 701. For example, storage device 734 may include astorage area network (SAN), a network attached storage (NAS) system,and/or multiple storage units such as hard disks and/or solid statedisks in a redundant array of inexpensive disks (RAID) configuration.

In some embodiments, processor 705 may be operatively coupled to storagedevice 734 via a storage interface 720. Storage interface 720 may be anycomponent capable of providing processor 705 with access to storagedevice 734. Storage interface 720 may include, for example, an AdvancedTechnology Attachment (ATA) adapter, a Serial ATA (SATA) adapter, aSmall Computer System Interface (SCSI) adapter, a RAID controller, a SANadapter, a network adapter, and/or any component providing processor 705with access to storage device 734.

Processor 705 may execute computer-executable instructions forimplementing aspects of the disclosure. In some embodiments, theprocessor 705 may be transformed into a special purpose microprocessorby executing computer-executable instructions or by otherwise beingprogrammed. For example, the processor 705 may be programmed with theinstruction such as illustrated in FIG. 4 .

Exemplary Computer Device

FIG. 8 depicts a diagram 800 of components of one or more exemplarycomputing devices 810 that may be used in system 500 shown in FIG. 5 .In some embodiments, computing device 810 may be similar to CA server140 (shown in FIG. 1 ). Database 820 may be coupled with severalseparate components within computing device 810, which perform specifictasks. In this embodiment, database 820 may include online credentials822 (such as online credentials 135 shown in FIG. 1 ), phone credentials824 (such as phone credentials 125 shown in FIG. 1 ), and calleridentities 826. In some embodiments, database 820 is similar to database520 (shown in FIG. 5 ).

Computing device 810 may include the database 820, as well as datastorage devices 830. Computing device 810 may also include acommunication component 840 for receiving 405 a phone call and receiving415 online authentication credentials (both shown in FIG. 4 ). Computingdevice 810 may also include a determining component 850 for determining410 a preliminary identity and determining 420 a confirmed identity(both shown in FIG. 4 ). Computing device 810 may further include adisplaying component 860 for displaying 425 the confirmed identity(shown in FIG. 4 ). A processing component 870 may assist with executionof computer-executable instructions associated with the system.

Exemplary Application

FIG. 9 depicts an exemplary mobile device application (“App”) 115 foruse with authenticating a caller. The App 115 may be running on theremote computer device 110 shown in FIG. 1 . The App 115 may be providedby, or associated with, an insurance provider. Or the App 115 may beassociated with any company or service that desires the users to contacta call center or customer service through the application. The App 115may also be associated with users that desire to contact customerservice without having to step through multiple authenticationchallenges. For instance, the App 115 may include a splash page 905,also known as a menu page that displays multiple options for the user toselect. For example, one of the options may be a contact us 910. Thismay be a button or selection that the user may click on to select. Inone embodiment, when the user selects the contact us 910 option, the App115 may display further options 915 that the user/caller may select.These further options 915 may be phone numbers, departments, or servicesthat the user/caller is looking to contact someone about.

Exemplary Detailed Embodiment

FIGS. 10A-10C depict an exemplary detailed schematic diagram of theprocess of authenticating a caller using authentication credentials fromboth phone and online sources where the caller initiated the call usingan application. FIGS. 10A-10C outlines one potential process and aplurality of devices and steps that would interact to perform theprocess of authenticating a caller using authentication credentials fromboth phone and online sources where the caller initiated the call usingan application.

In FIGS. 10A-10C, a caller may use an application on their mobiledevice, such as the Pocket Agent application shown herein. By clickingon the Contact Us button, the caller may initiate a phone call to acustomer care associate (CCA) at a call center. The mobile device andapplication may connect the call using a telecommunications network. Thetelecommunications network may use an automatic number identifier (ANI)service to automatically determine the originating phone number for thecall (e.g., the number assigned to the caller device making the call).The telecommunications network may route the phone call to a networkassociated with the call center. The network may confirm the phonenumber by using an external automatic caller authentication server, suchas TrustID show in the Figure. The network may route information aboutthe phone call to the call center workbench to verify the customer. Therouted information may include the phone credentials of the caller.

Simultaneously, the application may initiate a HTTP request using arepresentational state transfer (RESTful) call to transfer data to thecall center workbench. The data may contain the online credentials ofthe caller. The data may be routed to an authentication server, such asOpenAM. The authentication server may route the data to a deviceauthentication service, such as the FIDO UAF server shown in the Figure.If the device is authenticated, the authentication service may route thedata to a security session, which may establish a level of assurance ofthe call. The online credentials and level of assurance of the callbased on the call may then be transmitted to the call center workbench.

The call center workbench may combine the online credentials, the calllevel of assurance, and the information routed from the phone network.Based on the combined data, the call center workbench may instruct thenetwork to release the call to the customer care associate. This processmay occur automatically, without requiring additional input from thecaller.

Exemplary Sequences Flows of Additional Embodiments

FIG. 11 depicts an exemplary detailed sequence flow of a process 1100 ofauthenticating a caller 105 using authentication credentials from bothphone and online sources where caller 105 initiated the call usingapplication 115. FIG. 11 outlines one potential process and a pluralityof devices and steps that would interact to perform the process ofauthenticating caller 105 using the authentication credentials from bothphone and online sources where caller 105 initiated the call usingapplication 115.

In the exemplary embodiment, caller 105 may use application 115 onmobile device 110 to initiate a call to a customer call center. Caller105 may provide one or more pieces of biometric data 1105 to mobiledevice 110, such as a picture of caller's fingerprint or retina.Application 115 may transmit biometric data 1105 to onlineauthentication server 210. Online authentication server 210 may comparebiometric data 1105 to previously stored biometric data associated withcaller 105 to authenticate caller 105.

If the data matches, then online authentication server 210 may transmita request 1110 for an additional online credential 135 (shown in FIG. 1), such as a public key, a private key, or a digital certificate from apublic key infrastructure (PKI). In at least one embodiment, mobiledevice 110 may transmit a response 1115 to online authentication server210 asserting the requested online credential 135. If the assertion iscorrect, then online authentication server 210 may consider caller 105to have been authenticated based on multi-factor authentication.

In these embodiments, while the online authentication is occurring, aphone call 1120 has been placed by caller 105. Phone authenticationserver 205 may receive phone call 1120 or a request to connect phonecall 1120. Phone authentication server 205 may transmit telephoneauthentication information 1125 to online authentication server 210.Telephone authentication information 1125 may be based upon informationthat phone authentication server 205 received as a part of phone call1120.

Online authentication server 210 combines telephone authenticationinformation 1125 with authenticated online credentials. If the sets ofcredentials all match up, then online authentication server 210 maytransmit authentication status information 1130 about phone call 1120and caller 105 to call center representative 145, while phoneauthentication server 205 connects phone call 1120 to call centerrepresentative 145. In some embodiments, online authentication server210 may transmit authentication status information 1130 to CA server 140(as shown in FIG. 1 ) and CA server 140 may transmit authenticationstatus information 1130 to call center representative 145. In someembodiments, authentication status information 1130 includes a level ofassurance that the caller's identity is confirmed. In some embodiments,authentication status information 1130 includes a confirmed identity ofcaller 105.

FIG. 12 depicts an additional detailed sequence flow of a process 1200of authenticating a caller 105 using authentication credentials fromboth phone and online sources where caller 105 initiated the call usingapplication 115. FIG. 12 outlines one potential process and a pluralityof devices and steps that would interact to perform the process ofauthenticating caller 105 using the authentication credentials from bothphone and online sources where caller 105 initiated the call usingapplication 115.

In the exemplary embodiment, caller 105 may use application 115 onmobile device 110 to initiate a call to a customer call center. Caller105 may provide one or more pieces of biometric data 1105 to mobiledevice 110, such as a picture of caller's fingerprint or retina.Application 115 may transmit biometric data 1105 to onlineauthentication server 210. Online authentication server 210 may comparebiometric data 1105 to previously stored biometric data associated withcaller 105 to authenticate caller 105.

If the data matches, then online authentication server 210 may transmita request 1110 for an additional online credential 135 (shown in FIG. 1), such as a public key, a private key, or a digital certificate from apublic key infrastructure (PKI). In at least one embodiment, mobiledevice 110 may transmit a response 1115 to online authentication server210 asserting the requested online credential 135. If the assertion iscorrect, then online authentication server 210 may consider caller 105to have been authenticated based on multi-factor authentication.

After authenticating caller 105, online authentication server 210 maytransmit authentication information 1205 to phone authentication server205. Authentication information 1205 may cause phone authenticationserver 205 to transmit call information 1210 to application 115. In anexemplary embodiment, call information 1210 may include a unique 1-800number (e.g., or another toll free telephone number) to be used forcaller's call. For example, phone authentication server 205 may haveaccess to a plurality of 1-800 numbers that are assigned to the callcenter, but are not assigned to individuals. Phone authentication server205 may temporarily assign one of these numbers to caller 105 to be usedfor caller's call. Phone authentication server 205 may transmit thetemporarily assigned number to application 115 and mobile device 110 incall information 1210. Then application 115 may cause mobile device 110to initiate a phone call 1120 using the received temporary phone number.In these exemplary embodiments, application 115 initiates phone call1120 without requiring additional input from caller 105.

By using the received phone number, phone call 1120 may be routed to anappropriate call center representative 145. This temporary phone numberprovides an addition authentication credential. As the temporary phonenumber has not been given to anyone else, the level of assurance thatcaller 105 is the individual associated with phone call 1120 is muchhigher. In some situations, although highly unlikely, an individual maycall temporary phone number at the point in time when it is assigned tocaller 105. In these situations, phone authentication server 205 mayreceive phone credentials 125 (shown in FIG. 1 ), such as device printfrom the phone used to call the temporary number. If the device printmatches the phone that phone authentication server 205 is expecting,then phone call 1120 may be transferred to call center representative145. Otherwise, phone authentication server 205 may block phone call1120.

In some embodiments, CA server 140 (shown in FIG. 1 ) may receive phonecall 1120 and authentication information 1205 from online authenticationserver 210. CA server 140 may combine phone call 1120 withauthentication information 1205 and route both to call centerrepresentative 145.

In some further embodiments, call information 1210 may include one ormore pieces of information that instruct a soft dialer programassociated with application 115 to initiate phone call 1120. In theseembodiments, phone call 1120 is not initiated until after onlineauthentication server 210 authenticates caller 105.

Exemplary Embodiments & Functionality

In one embodiment, a computer system for authenticating the identity ofa caller may be provided. The computer system may (i) receive a phonecall from a caller, wherein the phone call is initiated through anapplication on a remote computer device associated with the caller,wherein the phone call includes one or more phone authenticationcredentials; (ii) determine a preliminary identity of the caller basedupon the one or more phone authentication credentials; (iii) receiveonline authentication credentials from the application on the remotecomputer device; (iv) determine a confirmed identity of the callerbased, at least in part, on the one or more online credentials and thepreliminary identity of the caller; and/or (v) display the confirmedidentity of the caller to a user answering the phone call to facilitatequickly and automatically authenticating the identity of the caller toprevent the caller from being negatively impacted by lengthy andpotentially annoying authentication procedures (e.g., answering aplurality of security questions and/or manually providing authenticationinformation).

A further enhancement may be where the computer system may place thereceived phone call in a queue and release the phone call from the queuebased upon determining a confirmed identity of the caller.

The computer system may achieve the above results by comparing the oneor more phone authentication credentials with a stored database ofidentities, and determining the preliminary identity of the caller basedupon the comparison. The computer system may further compare the one ormore online credentials with the preliminary identity of the caller anda database of identities. The database of identities may include aplurality of identities, wherein the database may be configured to besearched based upon phone number. The computer system may then determinea confirmed identity of the caller based upon the comparison.

The computer system described herein may be a mobile phone associatedwith the caller. Then the application may initiate the phone call usinga dialing application on the mobile phone. The computer system describedhere may instead require the application to initiate the phone callusing a voice over IP application on the remote computer device.

Phone authentication credentials described herein may include at leastone of a phone authentication system, data verification system,automatic number identification, dialed number identification service,and/or a root check system result.

Online authentication credentials described herein may include at leastone of a mobile device print, geolocation data, a user fingerprint,facial recognition information, public key infrastructure token, QRcode, pincode, and/or username+password.

A further enhancement may be where the computer system may receive logininformation from the caller to access the application. The applicationmay then transmit at least one of the login information and anacknowledgement of the login information in the online authenticationcredentials. This login information may include a caller fingerprint andthe acknowledgement may be a verification code.

An additional component of the present embodiments may be a third-partyserver. The computer system may not perform authentication itself, andmay instead transmit at least one of the online authenticationcredentials and the phone authentication credentials to the third-partyserver for verification.

A further enhancement may be where the computer system described hereinmay be associated with a call center and the user is a call centerassociate who receives the phone call and may be associated with a callcenter. The confirmed identity of the caller and associated phone numbermay be displayed to the user/call center associate.

A further enhancement may include levels of assurance. Under theselevels of assurance the preliminary identity of the caller may beassociated with a first level of assurance. The confirmed identity ofthe caller may be associated with a second level of assurance, whereinthe second level of assurance is higher than the first level ofassurance. There may be additional levels assurance above, below, or inbetween, the first and second levels of assurance.

Machine Learning & Other Matters

The computer-implemented methods discussed herein may includeadditional, less, or alternate actions, including those discussedelsewhere herein. The methods may be implemented via one or more localor remote processors, transceivers, and/or sensors (such as processors,transceivers, and/or sensors mounted on vehicles or mobile devices, orassociated with smart infrastructure or remote servers), and/or viacomputer-executable instructions stored on non-transitorycomputer-readable media or medium.

Additionally, the computer systems discussed herein may includeadditional, less, or alternate functionality, including that discussedelsewhere herein. The computer systems discussed herein may include orbe implemented via computer-executable instructions stored onnon-transitory computer-readable media or medium.

A processor or a processing element may be trained using supervised orunsupervised machine learning, and the machine learning program mayemploy a neural network, which may be a convolutional neural network, adeep learning neural network, or a combined learning module or programthat learns in two or more fields or areas of interest. Machine learningmay involve identifying and recognizing patterns in existing data inorder to facilitate making predictions for subsequent data. Models maybe created based upon example inputs in order to make valid and reliablepredictions for novel inputs.

Additionally or alternatively, the machine learning programs may betrained by inputting sample data sets or certain data into the programs,such as image, mobile device, vehicle telematics, and/or intelligenthome telematics data. The machine learning programs may utilize deeplearning algorithms that may be primarily focused on patternrecognition, and may be trained after processing multiple examples. Themachine learning programs may include Bayesian program learning (BPL),voice recognition and synthesis, image or object recognition, opticalcharacter recognition, and/or natural language processing—eitherindividually or in combination. The machine learning programs may alsoinclude natural language processing, semantic analysis, automaticreasoning, and/or machine learning.

In supervised machine learning, a processing element may be providedwith example inputs and their associated outputs, and may seek todiscover a general rule that maps inputs to outputs, so that whensubsequent novel inputs are provided the processing element may, basedupon the discovered rule, accurately predict the correct output. Inunsupervised machine learning, the processing element may be required tofind its own structure in unlabeled example inputs. In one embodiment,machine learning techniques may be used to extract the relevant phonecredentials and/or online credentials for the caller from devicedetails, login details, mobile device sensors, geolocation information,image data, and/or other data.

In one embodiment, a processing element may be trained by providing itwith a large sample of phone and/or online credentials with knowncharacteristics or features. Such information may include, for example,fingerprint, device print, verification codes, PBQA, and/or passivevoice analysis.

Based upon these analyses, the processing element may learn how toidentify characteristics and patterns that may then be applied toanalyzing sensor data, authentication data, image data, mobile devicedata, and/or other data. For example, the processing element may learn,with the caller's permission or affirmative consent, to identify thecaller by name and phone number based upon any of a plurality ofcredential types. As a result, at the time of a call placed by thecaller, providing quick and automatic authentication of the identity ofthe caller to prevent the caller from being negatively impacted bylengthy and potentially annoying authentication procedures (e.g.,answering a plurality of security questions and/or manually providingauthentication information).

ADDITIONAL CONSIDERATIONS

As will be appreciated based upon the foregoing specification, theabove-described embodiments of the disclosure may be implemented usingcomputer programming or engineering techniques including computersoftware, firmware, hardware or any combination or subset thereof. Anysuch resulting program, having computer-readable code means, may beembodied or provided within one or more computer-readable media, therebymaking a computer program product, i.e., an article of manufacture,according to the discussed embodiments of the disclosure. Thecomputer-readable media may be, for example, but is not limited to, afixed (hard) drive, diskette, optical disk, magnetic tape, semiconductormemory such as read-only memory (ROM), and/or any transmitting/receivingmedium, such as the Internet or other communication network or link. Thearticle of manufacture containing the computer code may be made and/orused by executing the code directly from one medium, by copying the codefrom one medium to another medium, or by transmitting the code over anetwork.

These computer programs (also known as programs, software, softwareapplications, “apps”, or code) include machine instructions for aprogrammable processor, and can be implemented in a high-levelprocedural and/or object-oriented programming language, and/or inassembly/machine language. As used herein, the terms “machine-readablemedium” “computer-readable medium” refers to any computer programproduct, apparatus and/or device (e.g., magnetic discs, optical disks,memory, Programmable Logic Devices (PLDs)) used to provide machineinstructions and/or data to a programmable processor, including amachine-readable medium that receives machine instructions as amachine-readable signal. The “machine-readable medium” and“computer-readable medium,” however, do not include transitory signals.The term “machine-readable signal” refers to any signal used to providemachine instructions and/or data to a programmable processor.

As used herein, a processor may include any programmable systemincluding systems using micro-controllers, reduced instruction setcircuits (RISC), application specific integrated circuits (ASICs), logiccircuits, and any other circuit or processor capable of executing thefunctions described herein. The above examples are example only, and arethus not intended to limit in any way the definition and/or meaning ofthe term “processor.”

As used herein, the terms “software” and “firmware” are interchangeable,and include any computer program stored in memory for execution by aprocessor, including RAM memory, ROM memory, EPROM memory, EEPROMmemory, and non-volatile RAM (NVRAM) memory. The above memory types areexample only, and are thus not limiting as to the types of memory usablefor storage of a computer program.

In one embodiment, a computer program is provided, and the program isembodied on a computer readable medium. In an exemplary embodiment, thesystem is executed on a single computer system, without requiring aconnection to a sever computer. In a further embodiment, the system isbeing run in a Windows® environment (Windows is a registered trademarkof Microsoft Corporation, Redmond, Wash.). In yet another embodiment,the system is run on a mainframe environment and a UNIX® serverenvironment (UNIX is a registered trademark of X/Open Company Limitedlocated in Reading, Berkshire, United Kingdom). The application isflexible and designed to run in various different environments withoutcompromising any major functionality.

In some embodiments, the system includes multiple components distributedamong a plurality of computing devices. One or more components may be inthe form of computer-executable instructions embodied in acomputer-readable medium. The systems and processes are not limited tothe specific embodiments described herein. In addition, components ofeach system and each process can be practiced independent and separatefrom other components and processes described herein. Each component andprocess can also be used in combination with other assembly packages andprocesses.

As used herein, an element or step recited in the singular and precededby the word “a” or “an” should be understood as not excluding pluralelements or steps, unless such exclusion is explicitly recited.Furthermore, references to “example embodiment” or “one embodiment” ofthe present disclosure are not intended to be interpreted as excludingthe existence of additional embodiments that also incorporate therecited features.

The patent claims at the end of this document are not intended to beconstrued under 35 U.S.C. § 112(f) unless traditionalmeans-plus-function language is expressly recited, such as “means for”or “step for” language being expressly recited in the claim(s).

This written description uses examples to disclose the disclosure,including the best mode, and also to enable any person skilled in theart to practice the disclosure, including making and using any devicesor systems and performing any incorporated methods. The patentable scopeof the disclosure is defined by the claims, and may include otherexamples that occur to those skilled in the art. Such other examples areintended to be within the scope of the claims if they have structuralelements that do not differ from the literal language of the claims, orif they include equivalent structural elements with insubstantialdifferences from the literal language of the claims.

We claim:
 1. A computer system for authenticating an identity of acaller, the computer system comprising: at least one processor incommunication with at least one memory device, the at least oneprocessor configured to: receive, via a phone call path opened by anapplication executed on a mobile device, one or more phone credentialsassociated with a phone call initiated by the caller; receive, via anonline path opened by the application or the mobile device, one or moreonline credentials associated with the caller initiating the phone call;and authenticate the caller based, at least in part upon, the one ormore phone credentials and the one or more online credentials.
 2. Thecomputer system of claim 1, wherein the one or more phone credentialsinclude at least one of an automatic number identification (ANI), dialednumber identification service results, dialed number identificationservice inputs, phone authentication system inputs, phone authenticationsystem results, or root check system results.
 3. The computer system ofclaim 1, wherein the one or more online credentials include at least oneof a mobile device print, geolocation data, a user fingerprint, facialrecognition information, a public key infrastructure token, a QR code, apincode, a username+password, or a verification code.
 4. The computersystem of claim 1, wherein the at least one processor is furtherconfigured to request, from the mobile device, one or more additionalonline credentials in response to the one or more online credentialsmatching previously stored one or more online credentials associatedwith the caller.
 5. The computer system of claim 4, wherein the one ormore additional online credentials include a public key, a private key,or a digital certificate from a public key infrastructure (PKI).
 6. Thecomputer system of claim 1, wherein the at least one processor isfurther configured to: in response to authenticating the caller,transmit call information to at least one of the application or themobile device, wherein the call information includes a temporary phonenumber assigned to the caller; receive, the temporary phone number, afurther phone call received from the mobile device; and route, basedupon the temporary phone number, the further phone call to anappropriate call recipient.
 7. The computer system of claim 6, whereintransmitting the call information further comprises causing theapplication to initiate, using the mobile device and without additionalinput from the caller, the further phone call using the temporary phonenumber.
 8. The computer system of claim 1, wherein the at least oneprocessor is further configured to generate authentication informationbased on authenticating the caller, wherein the authenticationinformation is related to the identity of the caller.
 9. Acomputer-implemented method for authenticating an identity of a caller,the method implemented by a computer system including at least oneprocessor in communication with at least one memory device, thecomputer-implemented method comprising: receiving, via a phone call pathopened by an application executed on a mobile device, one or more phonecredentials associated with a phone call initiated by the caller;receiving, via an online path opened by the application or the mobiledevice, one or more online credentials associated with the callerinitiating the phone call; and authenticate the caller based, at leastin part upon, the one or more phone credentials and the one or moreonline credentials.
 10. The computer-implemented method of claim 9,wherein the one or more phone credentials include at least one of anautomatic number identification (ANI), dialed number identificationservice results, dialed number identification service inputs, phoneauthentication system inputs, phone authentication system results, orroot check system results.
 11. The computer-implemented method of claim9, wherein the one or more online credentials include at least one of amobile device print, geolocation data, a user fingerprint, facialrecognition information, a public key infrastructure token, a QR code, apincode, a username+password, or a verification code.
 12. Thecomputer-implemented method of claim 9 further comprising requesting,from the mobile device, one or more additional online credentials inresponse to the one or more online credentials matching previouslystored one or more online credentials associated with the caller. 13.The computer-implemented method of claim 12, wherein the one or moreadditional online credentials include a public key, a private key, or adigital certificate from a public key infrastructure (PKI).
 14. Thecomputer-implemented method of claim 9 further comprising: in responseto authenticating the caller, transmitting call information to at leastone of the application or the mobile device, wherein the callinformation includes a temporary phone number assigned to the caller;receiving, the temporary phone number, a further phone call receivedfrom the mobile device; and routing, based upon the temporary phonenumber, the further phone call to an appropriate call recipient.
 15. Thecomputer-implemented method of claim 14, wherein transmitting the callinformation further comprises causing the application to initiate, usingthe mobile device and without additional input from the caller, thefurther phone call using the temporary phone number.
 16. Thecomputer-implemented method of claim 9 further comprising generatingauthentication information based on authenticating the caller, whereinthe authentication information is related to the identity of the caller.17. At least one non-transitory computer-readable storage medium havingcomputer-executable instructions embodied thereon, wherein when executedby at least one processor in communication with a memory device andincluded in a computer system for authenticating an identity of acaller, the computer-executable instructions cause the at least oneprocessor to: receive, via a phone call path opened by an applicationexecuted on a mobile device, one or more phone credentials associatedwith a phone call initiated by the caller; receive, via an online pathopened by the application or the mobile device, one or more onlinecredentials associated with the caller initiating the phone call; andauthenticate the caller based, at least in part upon, the one or morephone credentials and the one or more online credentials.
 18. Thecomputer-readable storage medium of claim 17, wherein thecomputer-executable instructions further cause the at least oneprocessor to request, from the mobile device, one or more additionalonline credentials in response to the one or more online credentialsmatching previously stored one or more online credentials associatedwith the caller.
 19. The computer-readable storage medium of claim 17,wherein the computer-executable instructions further cause the at leastone processor to: in response to authenticating the caller, transmitcall information to at least one of the application or the mobiledevice, wherein the call information includes a temporary phone numberassigned to the caller; receive, the temporary phone number, a furtherphone call received from the mobile device; and route, based upon thetemporary phone number, the further phone call to an appropriate callrecipient.
 20. The computer-readable storage medium of claim 17, whereinthe computer-executable instructions further cause the at least oneprocessor to generate authentication information based on authenticatingthe caller, wherein the authentication information is related to theidentity of the caller.